sindresorhus / create-dmg

As far as I know I have the appropriate certificate installed but create-dmg always returns Code signing identity: (unavailable).

However, if I don't use the --identity parameter, it simply reports:

Code signing failed. The DMG is fine, just not code signed.
No suitable code signing identity found

Is this an issue with create-dmg or am I dining something wrong?

In case it helps, these are the results of running certtool and security to query for a valid code signing certificate:

$ certtool y | grep "Apple Development"
Common Name     : Apple Development: XXXXXXX (YYYYYYY)

$ security find-identity -p codesigning

Policy: Code Signing
  Matching identities
  1) 631CE7F7260DDB20BCD2BC1727AC015A21945DAE "Apple Development: XXXXXXX (YYYYYYY)"
  2) 631CE7F7260DDB20BCD2BC1727AC015A21945DAE "Apple Development: XXXXXXX (YYYYYYY)"
     2 identities found

  Valid identities only
  1) 631CE7F7260DDB20BCD2BC1727AC015A21945DAE "Apple Development: XXXXXXX (YYYYYYY)"
  2) 631CE7F7260DDB20BCD2BC1727AC015A21945DAE "Apple Development: XXXXXXX (YYYYYYY)"
     2 valid identities found

You need an appropriate DMG certificate for distribution. For development, you can just let it not sign.

create-dmg/cli.js

Lines 171 to 174 in 6edb030

    
           } else if (!cli.flags.identity && stdout.includes('Developer ID Application:')) { 
        
           	identity = 'Developer ID Application'; 
        
           } else if (!cli.flags.identity && stdout.includes('Mac Developer:')) { 
        
           	identity = 'Mac Developer';

	} else if (!cli.flags.identity && stdout.includes('Developer ID Application:')) {
	identity = 'Developer ID Application';
	} else if (!cli.flags.identity && stdout.includes('Mac Developer:')) {
	identity = 'Mac Developer';